CVE-2024-49856
📋 TL;DR
A deadlock vulnerability in the Linux kernel's SGX (Software Guard Extensions) NUMA node search can cause soft lockups when the current CPU node lacks EPC memory sections. This affects systems with Intel SGX enabled and specific NUMA configurations, potentially leading to denial of service.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
System becomes unresponsive due to soft lockup, requiring hard reboot and causing extended downtime.
Likely Case
Degraded performance or temporary system hangs when SGX operations are attempted on nodes without EPC sections.
If Mitigated
Minor performance impact during SGX operations if system has proper NUMA/SGX configuration.
🎯 Exploit Status
Requires local access, SGX enabled, specific NUMA configuration, and ability to trigger SGX operations on affected nodes.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commits 0f89fb4042c08fd143bfc28af08bf6c8a0197eea or later
Vendor Advisory: https://git.kernel.org/stable/c/0f89fb4042c08fd143bfc28af08bf6c8a0197eea
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version. 2. Check distribution-specific advisories. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable SGX
linuxCompletely disable Intel SGX if not required
Add 'nosgx' to kernel boot parameters in GRUB configuration
Configure EPC sections on all NUMA nodes
linuxEnsure each NUMA node has EPC memory sections configured
Requires BIOS/UEFI firmware configuration
🧯 If You Can't Patch
- Disable SGX via kernel boot parameter 'nosgx'
- Avoid SGX-intensive workloads on systems with mixed NUMA/SGX configurations
🔍 How to Verify
Check if Vulnerable:
Check kernel version and SGX status: 'uname -r' and 'dmesg | grep -i sgx'Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commit: 'uname -r' should match patched version📡 Detection & Monitoring
Log Indicators:
- Kernel soft lockup messages in dmesg
- SGX-related errors in system logs
Network Indicators:
- None - local vulnerability only
SIEM Query:
Search for 'soft lockup' or 'CPU stuck' messages in kernel logs🔗 References
- https://git.kernel.org/stable/c/0f89fb4042c08fd143bfc28af08bf6c8a0197eea
- https://git.kernel.org/stable/c/20c96d0aaabfe361fc2a11c173968dc67feadbbf
- https://git.kernel.org/stable/c/40fb64257dab507d86b5f1f2a62f3669ef0c91a8
- https://git.kernel.org/stable/c/8132510c915815e6b537ab937d94ed66893bc7b8
- https://git.kernel.org/stable/c/9c936844010466535bd46ea4ce4656ef17653644
- https://git.kernel.org/stable/c/fb2d057539eda67ec7cfc369bf587e6518a9b99d
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
